Re: Question about directory ownership (SOLVED)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Allegedly, on or about 19 June 2013, Anthony sent:
> In my case, it looked like root was one of the owners of the directory
> but apache wasn't.

That's the usual approach.  It means that, by default, nobody can mess
with your webserver files (local users, nor strangers over the WWW),
unless they have significant privileges to either log-in differently, or
to change the directory structure to something else.

> In the meantime, I'm assuming simply taking ownership of the directory
> shouldn't open any security holes, right?

Nothing springs to mind, so long as you keep your own account safe and
secure.

On a computer either owned by one person, or a webservice managed by one
person, common simple solutions are to change ownership, or
group-ownership of the files to the account of the person being
webmaster.  Or one could set up a new webmaster user account, and use
that separately from their own account.

On my computer, that I use a test bed for websites, I left
the /var/www/html/ as default, and set up new directory paths for
virtual hosts (for each domain name that I set up a test website), and I
own the directories and files in those different locations.  Any
connections to the webserver using the wrong address, or just the IP,
get the default website, which works as an error page.

e.g. If you ran WWW sites www.example.com and www.example.net, you might
run local test sites from /var/www/example.com/ /var/www/example.net/,
with configuration files that associated the website address with those
separate directories.

Of course, if you use SELinux, you need to check on the contexts being
applied.  And any that are re-applied, if you do a default relabel.

-- 
[tim@localhost ~]$ uname -rsvp
Linux 3.8.13-100.fc17.x86_64 #1 SMP Mon May 13 13:36:17 UTC 2013 x86_64

All mail to my mailbox is automatically deleted, there is no point
trying to privately email me, I will only read messages posted to the
public lists.

George Orwell's '1984' was supposed to be a warning against tyranny, not
a set of instructions for supposedly democratic governments.



-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux